Services disrupted as local council near GCHQ’s headquarters hit by cyberattack

Tewkesbury Borough Council in Gloucestershire, England, warned residents on Wednesday it had discovered being targeted by a cyberattack, and assumed that the perpetrators had been able to penetrate its systems.

The borough in South West England is home to around 97,000 people and surrounds the town of Cheltenham, home to the headquarters of Britain’s signals and cyber intelligence agency GCHQ.

“We are having to assume that our systems have been compromised, and we are taking the necessary cyber response steps, including shutting down our systems,” said a banner statement on the council’s website.

A council spokesperson told BBC News that “many of our services are unavailable or slower than unusual and our phone lines are expected to be very busy,” and urged residents and businesses to only contact the council when “absolutely necessary.”

The nature of the attack has not yet been confirmed, nor whether any personal information belonging to residents has been compromised.

A spokesperson for GCHQ did not respond to a request for comment about whether the incident may affect the agency’s staff.

The attack on Tewkesbury Borough Council comes as local authorities in the United Kingdom continue to suffer record levels of data security incidents caused by cyberattacks, according to the Information Commissioner’s Office.

More than 160 incidents were reported to the regulator in 2023, a significant surge on the cumulative 176 reported in the four years previously. In just the first quarter of this year, 30 incidents have already been declared. Roughly half of all of these attacks were recorded as ransomware incidents.

The compromises of personal data have often included the unlawful disclosure of sensitive personal information, from financial data through to details about people’s sex lives and their political, religious or philosophical beliefs.

A spokesperson for the Ministry of Housing, Communities & Local Government did not respond to a question about how the government was responding to the surging levels of attacks impacting local councils.

Speaking to Recorded Future News previously, Jamie MacColl, a research fellow at the Royal United Services Institute (RUSI) — whose work includes a research project on ransomware harms and the victim experience — said: “We’ve collected very little evidence that stolen or leaked personal data … is being exploited by ransomware threat actors or other cybercriminals in a systematic way.

“However, that’s not to say there aren’t incidents where very sensitive information on individuals has been published or sent to them to increase pressure. … During our research, we also heard of cases where ransomware threat actors had targeted schools and then sent stolen safeguarding data to parents to get them to increase pressure on the schools to pay.”